StopThePed_4[.]9[.]5[.]2[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

StopThePed_4.9.5.2.rar
Size

2.4MB
MD5

5cf99a9322dbdcc87cf81dd8324c3a8e
SHA1

b83d825b374f01df8dfecd0dca7ef8c0714012e1
SHA256

3b136ae7c701890d5dc7f46aab4d394f0a093b63f106c4105cf97aa96d9598cd
SHA512

3a6230e19b19fb52e960aa699dc11a8fa5b0d5a6dbcd5ca454883af631640b1293688b324b30e217da1f139de89ffb14e54bebb7661fcd1abc69bd6a73bbda99
SSDEEP

49152:6O2nJZQXlhblMt2XhFAxdxKivq1l4utked8xD6Bf31iQIycumX2:6OmJ+X/udxKMeFu6531iByZmX2

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/StopThePed/Plugins/LSPDFR/StopThePed.dll
unpack001/StopThePed/RAGENativeUI.dll

Files

StopThePed_4.9.5.2.rar
.rar
StopThePed/Plugins/LSPDFR/PoliceSmartRadio/Display/Off/StopThePed/animal.png
.png
StopThePed/Plugins/LSPDFR/PoliceSmartRadio/Display/Off/StopThePed/coroner.png
.png
StopThePed/Plugins/LSPDFR/PoliceSmartRadio/Display/Off/StopThePed/insurance.png
.png
StopThePed/Plugins/LSPDFR/PoliceSmartRadio/Display/Off/StopThePed/tow.png
.png
StopThePed/Plugins/LSPDFR/PoliceSmartRadio/Display/Off/StopThePed/transport.png
.png
StopThePed/Plugins/LSPDFR/PoliceSmartRadio/Display/On/StopThePed/animal.png
.png
StopThePed/Plugins/LSPDFR/PoliceSmartRadio/Display/On/StopThePed/coroner.png
.png
StopThePed/Plugins/LSPDFR/PoliceSmartRadio/Display/On/StopThePed/insurance.png
.png
StopThePed/Plugins/LSPDFR/PoliceSmartRadio/Display/On/StopThePed/tow.png
.png
StopThePed/Plugins/LSPDFR/PoliceSmartRadio/Display/On/StopThePed/transport.png
.png
StopThePed/Plugins/LSPDFR/PoliceSmartRadio/This folder only required when you have PoliceSmartRadio.txt
StopThePed/Plugins/LSPDFR/StopThePed.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

StopThePed.pdb

Imports

mscoree

_CorDllMain

Sections

t= F8
Size: 965KB - Virtual size: 965KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
StopThePed/Plugins/LSPDFR/StopThePed.ini
StopThePed/Plugins/LSPDFR/StopThePed/Audio/Readme - Please ask permission if you want to use these audio files.txt
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_0.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_1.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_10_4.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_2.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_3.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_4.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_5.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_6.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_7.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_8.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_9.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_A.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_APPROACH_WITH_CAUTION.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_B.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_C.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_D.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_E.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_F.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_G.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_H.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_I.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_J.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_K.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_L.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_M.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_N.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_O.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_P.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_Q.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_R.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_RADIO_CLICK.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_S.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_STOLEN_VEHICLE.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_T.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_TARGET_IS.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_TARGET_VEHICLE_LICENSE_PLATE.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_TRAFFIC_FELONY.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_TRAFFIC_VIOLATION.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_U.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_V.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_W.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_WARRANT_ISSUED.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_X.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_Y.wav
StopThePed/Plugins/LSPDFR/StopThePed/Audio/STP_Z.wav
StopThePed/Plugins/LSPDFR/StopThePed/CustomQuestions.xml
.xml
StopThePed/Plugins/LSPDFR/StopThePed/Localization.ini
StopThePed/Plugins/LSPDFR/StopThePed/PatDownItems.xml
.xml
StopThePed/Plugins/LSPDFR/StopThePed/PedAnswers.xml
.xml
StopThePed/Plugins/LSPDFR/StopThePed/TrafficStopQuestions.xml
.xml
StopThePed/Plugins/LSPDFR/StopThePed/VehicleItems.xml
.xml
StopThePed/Plugins/LSPDFR/VocalDispatch/StopThePed.xml
.xml
StopThePed/Plugins/LSPDFR/VocalDispatch/This folder only required when you have Vocal Dispatch.txt
StopThePed/RAGENativeUI.dll
.dll windows:4 windows x64 arch:x64

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\runneradmin\AppData\Local\Temp\RAGENativeUI.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
StopThePed/Readme.txt

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

t= F8 Size: 965KB - Virtual size: 965KB

.text Size: 1.1MB - Virtual size: 1.1MB

.rsrc Size: 1024B - Virtual size: 992B

Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 282KB - Virtual size: 281KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

t= F8
Size: 965KB - Virtual size: 965KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rsrc
Size: 1024B - Virtual size: 992B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 282KB - Virtual size: 281KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B